Information and Communication Company – €50,000 Fine (Croatia, 2025)

€50,000Agencija za zaštitu osobnih podataka22 July 2025Croatia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

An information communication company in Croatia was fined EUR 50,000 after a cyber attack exposed weaknesses in its data security. This incident shows that companies must have strong security measures to protect sensitive information. It serves as a warning to all businesses about the risks of inadequate security.

What happened

The information communication company suffered a cyber attack due to insufficient security measures.

Who was affected

Users whose personal information was stored by the company were affected by the breach.

What the authority found

The Croatian DPA determined that the company lacked proper technical and organizational measures to secure its data, violating GDPR standards.

Why this matters

This ruling emphasizes that companies must invest in robust security practices to safeguard user data. Failure to do so can lead to significant financial penalties.

GDPR Articles Cited

AI-verified

Art. 32(1)(b) GDPR
View original scraped data
Art. 32(1) b) GDPR
d)
(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 23 April 2026
articles corrected
entity split needed
Croatia enforcementAgencija za zaštitu osobnih podataka actionsAll Information and Communication Company actions
Full Legal Summary
Detailed

The Croatian DPA has imposed a fine of EUR 50,000 on an information communication company. The controller suffered a cyber attack due to insufficient technical and organisational measures to ensure information security. Following the incident, the company implemented these measures and cooperated adequately with the supervisory authority.

Related Enforcement Actions (0)

No other enforcement actions found for Information and Communication Company in HR

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

22 July 2025

Authority

Agencija za zaštitu osobnih podataka

Fine Amount

€50,000

Enforcement Tracker ID

ETid-1237

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Information and Communication Company - Croatia (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: